Privacy Concerns with Facebook Applications

Last week, The Washington Post published an article about potential privacy concerns that result from using Facebook applications. Facebook greatly increased their popularity by letting users add custom functionality to their Facebook profile by installing application widgets — of which there are nearly 30,000 available.

However, many people do not realize that by adding these applications, they’re giving the applications (and therefore the application’s developer(s)) access to their personal information — irrespective of any privacy settings that a user may choose. Given that Facebook is an open platform where anyone can write an application, users are effectively giving complete strangers a slew of personal information.

My guess is that people are so willing to add these applications because they don’t know that their information is being collected, or they believe that all applications are vetted for by Facebook—they aren’t. Whenever you install an application, you confirm that you grant the application and its author access to some of your information, but what information can the developer see? Everything you put into the site.

I’m curious to see how incidents like this one are going to affect the transition from traditional desktop software to web-based software. We’re seeing many people and businesses ditch their desktop software in favor of web-based programs (see this article from PRWeb this week), but a factor that is slowing this trend down is the fact that many people are wary of trusting the internet with their personal information and data. While it appears that many people aware of these potential privacy concerns, there are also many people that don’t mind the situation, or, more likely, don’t know about it. Do businesses have an obligation to explicitly (or, even more explicitly) spell out the privacy concerns for their users? Could privacy concerns of this nature stunt the growth of social networking sites? I’m not sure, but I’ll definitely think twice before I install a new Facebook application.

11 Comments

You can follow any responses to this entry through the RSS 2.0 feed.
Responses are currently closed, but you can trackback from your own site.

simeon Jun 22, 2008 23:51

forget about just the applications, facebook itself is a privacy nightmare!

An emerging area of interest, for the privacy community at least, is the applicability of international privacy legislation to web-based services based in the United States.

Users and developers working out of the United States seem to forget (or don’t know) that many other countries, including Canada and all of Europe, have relatively strict data protection regimes in place.

This is the answer to your question: in these jurisdictions, companies DO have an obligation to spell out how they will guarantee the privacy of their users.

Mark C. Jun 23, 2008 17:59

Lawrence, you bring up a very interesting and relevant topic, and I enjoyed your analysis of online privacy. I would love to hear your thoughts regarding privacy beyond internet-based network websites. I’m sure we’ve all been through the “how on earth did they receive my contact information?” (e.g. headhunting firms, credit card companies, etc) Would be great to see if you had any more thoughts on how to protect yourself from unintentionally providing too much information.

Simeon, I agree with you to an extent. I believe that Facebook can be used without privacy issues as long users are informed of all the possible ways that their information can be obtained by unknown parties.

Natasha Jun 25, 2008 18:28

As an avid Facebook user, I have been prompted with the “Allow this application to…” message numerous times. Each time I get the box, I re-evaluate the application and decide whether I really want to grant this application access to all of my information. The majority of the time, I find that these applications are not worth it – in fact, I probably only have one or two additional applications added to my profile. If Facebook users do not want their information to be accessed by the application developers, then they also should not add the applications. However, I do believe that businesses should be required to explicitly state privacy issues for users; however, once stated…user beware…

Stephanie Jun 25, 2008 19:11

Interesting discussion on the move from traditional to web-based software. I think because of the globalization of our economy, it will become (or already is) necessary for businesses and people to use technology such as the internet to keep up with the ever-changing environment. So businesses do have the obligation to adequately educate their users on the issue of privacy because the companies need the users, and the users need the companies. And neither can work together if there are any remaining issues such as privacy concerns.

Weili H. Jun 26, 2008 19:11

I have read that it takes forever and a lot of phone calls to FB HQ to delete your information from their servers permanently. However I think all their shenanigans (online social sites) only deter the paranoid and the casual internet users aren’t aware enough to create a back lash until they are personally affected negatively in some way.

M Z Marko Kuo Jun 27, 2008 14:44

Privacy is an illusion and has been for decades. All one has to do is look at how court interpretations of the meaning of “reasonable expectation of privacy” has become narrower and narrower through the years. Regardless of how attractive the concept of privacy is to people in the abstract, or how visceral their reaction is to the intrusion of “privacy” when they hear about it, the reality is that people are more than eager to hand over confidential personal information for the sake of personal convenience. Cf. when credit cards first sprung up people were decrying the end of privacy too.